This repository was archived by the owner on Dec 3, 2024. It is now read-only.

Custom https-cert causes infinite hang at startup #2067

Open
@brad2014

I have set the syncthing web gui listen address to 0.0.0.0:8384 and imported a custom https-cert.pem / https-key.pem with CN=myphone.mydomain.com signed by my home lab's CA.

With the most recent App version, this causes syncthing to go into an infinite hang upon startup. It appears that PollWebGuiAvailTask throws an error if the certificate does not validate (maybe because it doesn't detect my home lab root CA cert in the Android trust store, or the CN/SNI of the certificate is not what is required?).

Expected behavior

Any of these (roughly in order of usability):

  • accept the certificate (which makes sense since the phone owner put it there, which is the ultimate assertion of its validity)
  • when the local app is connecting to the local web server, do not attempt or validate https (so no certificate is required for local use), and only offer the certificate to remote web clients. Makes sense since the native app talking to the native web GUI is secure without SSL. Demote "unverified https-cert" from an error to a warning.
  • show an error message instead of hanging (perhaps with an option to replace the unacceptable certificates with generated ones in order to continue).

Actual behavior

Upon startup, the app hangs with a spinner in an infinite loop. Logcat continuously repeats this error:

03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: Unexpected error while polling web gui
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: error:1a000064:ECDSA routines:OPENSSL_internal:BAD_SIGNATURE
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.toolbox.NetworkUtility.shouldRetryException(NetworkUtility.java:173)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:145)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:132)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:111)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:90)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: Caused by: javax.net.ssl.SSLHandshakeException: error:1a000064:ECDSA routines:OPENSSL_internal:BAD_SIGNATURE
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:542)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:106)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:30)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.toolbox.HurlStack.executeRequest(HurlStack.java:91)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:104)
03-07 12:34:20.421 24771 24771 W PollWebGuiAvailableTask: 	... 3 more

Version Information

App Version: 1.27.3
Syncthing Version: 1.27.3
Android Version: Android 14

Workaround

Open to ideas. Goal is to present the syncthing web gui as a trusted site in my domain.
